Pete Recommends – Weekly highlights on cyber security issues, November 28, 2020

Subject: Attackers Dupe GoDaddy Into Abetting Cryptocurrency Site Takedowns
Source: Gizmodo

Roughly one year after a data breach at GoDaddy compromised 28,000 customer accounts, the world’s largest internet domain registrar is once again at the center of a security scandal. Hackers brought down several cryptocurrency services using GoDaddy domains in recent weeks, and apparently the company’s own staff unwittingly helped in these attacks.

Hackers purportedly duped GoDaddy employees into handing over the reins to several cryptocurrency services’ web domains, and then used those permissions to make unauthorized changes and bring down the sites, per a report from the cyber-centric blog Krebs On Security on Saturday. While it remains unclear how many companies fell for this scam, the cryptocurrency trading platform Liquid and mining service NiceHash uncovered attacks within days of each other.

As Krebs notes, hackers have increasingly relied on voice phishing, or “vishing,” to attack corporations in recent months. That’s when attackers use one-on-one phone calls, often pretending to be tech support for a target’s employer, to try to steer targets toward phishing sites to harvest account credentials and other sensitive company information.



Subject: Avril Haines nominated as first female director of national intelligence
Source: WHYY

President-elect Joe Biden selected Avril Haines as his director of national intelligence on Monday. Haines, 51, worked with Biden under President Barack Obama and led the Biden transition’s national security and foreign policy team. She served as the White House deputy national security advisor and deputy director of the CIA. She was the first woman to hold both positions. And now, she will become the first woman to head national intelligence.

In that role, she will oversee the National Intelligence Program, the National Security Council, the Homeland Security Council and advise the president.

Subject: “Monetizing Privacy”: The Fed Fans Out, Touting the “Digital Dollar.” This Time, How Consumers Would Benefit
Source: Wolf Street

“As cash use continues to decline, the question naturally arises as to whether central banks should provide a digital alternative to cash that also provides some privacy features,” says the blog post, titled “Monetizing Privacy,” by the New York Fed. The post is based on a 26-page academic paper on digital payment methods that have been used broadly, the current market structure of digital payment methods, the data-gathering that occurs, versus cash payments that preserve privacy – and versus the “digital dollar” now being worked on.

Each time a digital payment takes place, the companies involved gather voluminous amounts of data and hang on to it because it gives them a competitive advantage in selling more goods or services to this particular consumer. This data has a lot of value for these companies – a key point we’ll get to in a moment with regards to the “digital dollar.”

The amount of currency in circulation is demand-based: Banks have to have enough currency on hand to satisfy their customers’ demand for currency, and during a crisis, people load up and hoard cash, much of it overseas, and to meet this demand, banks have to buy more currency from the Fed, usually paying with Treasury securities for this paper.

The digital dollar is not going to replace “currency in circulation” for hoarding purposes. Dollar bills will continue to fulfill that function. Instead, the digital dollar will be designed to compete with digital payment methods and checks.

So now the New York Fed is touting the digital dollar in an entirely different sense: privacy and pressuring companies to pay consumers for the data they collect.

OK, we’ve got to get this straight: The digital dollar, if designed properly, would protect the user from the prying eyes of Corporate America and its vast data collection apparatus. For this purpose, it would be like paying with cash. But it would not protect the user from the Fed’s prying eyes.

This consideration of privacy from the prying eyes of Corporate America should go into the design of the digital currency, the article says, adding that “a privacy-preserving digital payment method may improve consumer welfare,” in ways that are somewhat unexpected.

The concept of “Monetizing Privacy.”



Subject: Amazon and Feds Team Up to Sniff Out Counterfeiters
Source: Gizmodo

The deal will see Amazon share data from its sprawling marketplace with the National Intellectual Property Rights Coordination (IPR) Center—a division of Immigration and Customs Enforcement (ICE), which is itself a division of DHS—responsible for, among other things, keeping counterfeit consumer goods and phony pharmaceuticals from reaching U.S. soil. While the data being shared here is somewhat undefined, the company stated that any pertinent evidence gleaned there or from any “targeted inspections” will be tacked onto any ongoing federal investigations into these shady supply chains.


Subject: Amazon faces backlash over using Sidewalk for neighborhood networks
Source: Business Insider

  • Amazon Sidewalk is launching in the US as an opt-out feature that will connect Echo and Ring doorbells to any nearby Alexa device, even those owned by your neighbors.
  • Amazon said Sidewalk uses WiFi from neighbors to create “a shared network that helps devices work better,” but some raised privacy concerns.
  • Amazon apologized to UK Alexa owners, some of whom were notified of the US-only launch.

Sidewalk uses Alexa devices, including Echo and Ring video doorbells, to create a “shared network” that will help “devices work better,” Amazon said in an email to device owners. It allows nearby devices to use a portion of a neighbor’s WiFi bandwidth, so that devices can have more range.

Anticipating privacy concerns, Amazon published a research paper detailing the technology behind Sidewalk and the steps taken to keep users’ data private. The company concluded that privacy was one of the “foundational principles” of Sidewalk’s design.

Some were still skeptical of whether such a network would keep user data private. Surrey University Professor Alan Woodward, who specializes in cybersecurity, told BBC News that Sidewalk should be an opt-in feature, adding, “It feels wrong not knowing what your device is connected to.”

In an emailed statement, an Amazon spokesperson confirmed that Sidewalk is automatically enabled for existing customers.

Subject: Microsoft productivity score feature criticised as workplace surveillance
Source: The Guardian via beSpacific

The Guardian – “Microsoft has been criticised for enabling “workplace surveillance” after privacy campaigners warned that the company’s “productivity score” feature allows managers to use Microsoft 365 to track their employees’ activity at an individual level. The tools, first released in 2019, are designed to “provide you visibility into how your organisation works”, according to a Microsoft blogpost, and aggregate information about everything from email use to network connectivity into a headline percentage for office productivity. But by default, reports also let managers drill down into data on individual employees, to find those who participate less in group chat conversations, send fewer emails, or fail to collaborate in shared documents…”


Posted in: Criminal Law, Cybercrime, Cybersecurity, Economy, Free Speech, Gadgets/Gizmos, Legal Research, Privacy